GNUnet 0.28.0-dev.1-1-gd5f66caac
 
Loading...
Searching...
No Matches
Data Structures | Macros | Functions
gnsrecord_crypto.c File Reference

API for GNS record-related crypto. More...

#include "platform.h"
#include "gnsrecord_crypto.h"
Include dependency graph for gnsrecord_crypto.c:

Go to the source code of this file.

Data Structures

struct  KeyCacheLine
 Line in cache mapping private keys to public keys. More...
 
struct  EncryptionContextData
 

Macros

#define LOG(kind, ...)   GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)
 
#define CSIZE   64
 

Functions

void GNR_derive_block_aes_key (unsigned char *ctr, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Derive session key and iv from label and public key.
 
void GNR_derive_block_xsalsa_key (unsigned char *nonce, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Derive session key and iv from label and public key.
 
static enum GNUNET_GenericReturnValue block_sign_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
 
static enum GNUNET_GenericReturnValue block_sign_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_sign (const struct GNUNET_CRYPTO_BlindablePrivateKey *key, const char *label, struct GNUNET_GNSRECORD_Block *block)
 Sign a block create with GNUNET_GNSRECORD_block_create_unsigned.
 
static enum GNUNET_GenericReturnValue block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
 Sign name and records.
 
static enum GNUNET_GenericReturnValue block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
 Sign name and records (EDDSA version)
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_create (const struct GNUNET_CRYPTO_BlindablePrivateKey *key, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result)
 Sign name and records.
 
static enum GNUNET_GenericReturnValue block_create2 (const struct GNUNET_CRYPTO_BlindablePrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result, int sign)
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_create_unsigned (const struct GNUNET_CRYPTO_BlindablePrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result)
 Create name and records but do not sign! Sign later with GNUNET_GNSRECORD_block_sign().
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_create2 (const struct GNUNET_CRYPTO_BlindablePrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result)
 Sign name and records, cache derived public key (also keeps the private key in static memory, so do not use this function if keeping the private key in the process'es RAM is a major issue).
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
 Check if a signature is valid.
 
static enum GNUNET_GenericReturnValue block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
 
static enum GNUNET_GenericReturnValue block_decrypt_eddsa (const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_EddsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
 
void GNUNET_GNSRECORD_query_from_private_key (const struct GNUNET_CRYPTO_BlindablePrivateKey *zone, const char *label, struct GNUNET_HashCode *query)
 Calculate the DHT query for a given label in a given zone.
 
void GNUNET_GNSRECORD_query_from_public_key (const struct GNUNET_CRYPTO_BlindablePublicKey *pub, const char *label, struct GNUNET_HashCode *query)
 Calculate the DHT query for a given label in a given zone.
 
static enum GNUNET_GenericReturnValue block_open_ecdsa (void *cls, const char *label, const struct GNUNET_GNSRECORD_Block *block, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
 
static enum GNUNET_GenericReturnValue block_open_eddsa (void *cls, const char *label, const struct GNUNET_GNSRECORD_Block *block, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
 
static enum GNUNET_GenericReturnValue block_seal_not_implemented (void *cls, const char *label, struct GNUNET_TIME_Absolute expire, unsigned int rd_count, const struct GNUNET_GNSRECORD_Data rd[rd_count], struct GNUNET_GNSRECORD_Block **result)
 
static enum GNUNET_GenericReturnValue block_seal (void *cls, const char *label, struct GNUNET_TIME_Absolute expire, unsigned int rd_count, const struct GNUNET_GNSRECORD_Data rd[rd_count], struct GNUNET_GNSRECORD_Block **result)
 
struct GNUNET_GNSRECORD_EncryptionContextGNUNET_GNSRECORD_encryption_context_setup_owner (const struct GNUNET_CRYPTO_BlindablePrivateKey *sk)
 Create a new encryption context for the zone owner.
 
struct GNUNET_GNSRECORD_EncryptionContextGNUNET_GNSRECORD_encryption_context_setup_resolver (const struct GNUNET_CRYPTO_BlindablePublicKey *zkey)
 Create a new encryption context for a resolver.
 
void GNUNET_GNSRECORD_encryption_context_destroy (struct GNUNET_GNSRECORD_EncryptionContext *ec)
 Cleanup and free the encryption context.
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_BlindablePublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
 Decrypt block.
 

Detailed Description

API for GNS record-related crypto.

Author
Martin Schanzenbach
Matthias Wachs
Christian Grothoff

Definition in file gnsrecord_crypto.c.

Macro Definition Documentation

◆ LOG

#define LOG (   kind,
  ... 
)    GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)

Definition at line 31 of file gnsrecord_crypto.c.

◆ CSIZE

#define CSIZE   64

Function Documentation

◆ GNR_derive_block_aes_key()

void GNR_derive_block_aes_key ( unsigned char *  ctr,
unsigned char *  key,
const char *  label,
uint64_t  exp,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Derive session key and iv from label and public key.

Parameters
ivinitialization vector to initialize
skeysession key to initialize
labellabel to use for KDF
pubpublic key to use for KDF

4 byte nonce

Expiration time 64 bit.

Set counter part to 1

Definition at line 34 of file gnsrecord_crypto.c.

39{
40 static const char ctx_key[] = "gns-aes-ctx-key";
41 static const char ctx_iv[] = "gns-aes-ctx-iv";
42
43 GNUNET_CRYPTO_hkdf_gnunet (key, GNUNET_CRYPTO_AES_KEY_LENGTH,
44 ctx_key, strlen (ctx_key),
45 pub, sizeof(struct
46 GNUNET_CRYPTO_EcdsaPublicKey),
47 GNUNET_CRYPTO_kdf_arg_string (label));
48 memset (ctr, 0, GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
50 GNUNET_CRYPTO_hkdf_gnunet (ctr, 4,
51 ctx_iv, strlen (ctx_iv),
52 pub, sizeof(struct
53 GNUNET_CRYPTO_EcdsaPublicKey),
54 GNUNET_CRYPTO_kdf_arg_string (label));
56 memcpy (ctr + 4, &exp, sizeof (exp));
58 ctr[15] |= 0x01;
59}
key
struct GNUNET_HashCode key
The key used in the DHT.
Definition gnunet-dht-put.c:37
pub
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition gnunet-scrypt.c:47
GNUNET_CRYPTO_hkdf_gnunet
#define GNUNET_CRYPTO_hkdf_gnunet(result, out_len, xts, xts_len, skm, skm_len,...)
A peculiar HKDF instantiation that tried to mimic Truncated NMAC.
Definition gnunet_crypto_lib.h:1525
GNUNET_CRYPTO_kdf_arg_string
#define GNUNET_CRYPTO_kdf_arg_string(d)
Definition gnunet_crypto_lib.h:1436
GNUNET_CRYPTO_AES_KEY_LENGTH
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes
Definition gnunet_crypto_lib.h:111
GNUNET_CRYPTO_EcdsaPublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
Definition gnunet_crypto_lib.h:234

References GNUNET_CRYPTO_AES_KEY_LENGTH, GNUNET_CRYPTO_hkdf_gnunet, GNUNET_CRYPTO_kdf_arg_string, key, and pub.

Referenced by block_create_ecdsa(), block_decrypt_ecdsa(), and run_pkey().

Here is the caller graph for this function:

◆ GNR_derive_block_xsalsa_key()

void GNR_derive_block_xsalsa_key ( unsigned char *  nonce,
unsigned char *  key,
const char *  label,
uint64_t  exp,
const struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Derive session key and iv from label and public key.

Parameters
nonceinitialization vector to initialize
skeysession key to initialize
labellabel to use for KDF
pubpublic key to use for KDF

16 byte nonce

Expiration time 64 bit.

Definition at line 63 of file gnsrecord_crypto.c.

68{
69 static const char ctx_key[] = "gns-xsalsa-ctx-key";
70 static const char ctx_iv[] = "gns-xsalsa-ctx-iv";
71
72 GNUNET_CRYPTO_hkdf_gnunet (
73 key, crypto_secretbox_KEYBYTES,
74 ctx_key, strlen (ctx_key),
75 pub, sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
76 GNUNET_CRYPTO_kdf_arg_string (label));
77 memset (nonce, 0, crypto_secretbox_NONCEBYTES);
79 GNUNET_CRYPTO_hkdf_gnunet (
80 nonce, (crypto_secretbox_NONCEBYTES - sizeof (exp)),
81 ctx_iv, strlen (ctx_iv),
82 pub, sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
83 GNUNET_CRYPTO_kdf_arg_string (label));
85 memcpy (nonce + (crypto_secretbox_NONCEBYTES - sizeof (exp)),
86 &exp, sizeof (exp));
87}
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition gnunet_crypto_lib.h:219

References GNUNET_CRYPTO_hkdf_gnunet, GNUNET_CRYPTO_kdf_arg_string, key, and pub.

Referenced by block_create_eddsa(), block_decrypt_eddsa(), and run_edkey().

Here is the caller graph for this function:

◆ block_sign_ecdsa()

static enum GNUNET_GenericReturnValue block_sign_ecdsa ( const struct GNUNET_CRYPTO_EcdsaPrivateKey key,
const struct GNUNET_CRYPTO_EcdsaPublicKey pkey,
const char *  label,
struct GNUNET_GNSRECORD_Block block 
)
static

Definition at line 91 of file gnsrecord_crypto.c.

97{
98 struct GNRBlockPS *gnr_block;
99 struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
100 size_t size = ntohl (block->size) - sizeof (*block) + sizeof (*gnr_block);
101
102 gnr_block = GNUNET_malloc (size);
103 ecblock = &(block)->ecdsa_block;
104 gnr_block->purpose.size = htonl (size);
105 gnr_block->purpose.purpose =
106 htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
107 gnr_block->expiration_time = ecblock->expiration_time;
108 /* encrypt and sign */
109 GNUNET_memcpy (&gnr_block[1], &ecblock[1],
110 size - sizeof (*gnr_block));
111 GNUNET_CRYPTO_ecdsa_public_key_derive (pkey,
112 label,
113 "gns",
114 &ecblock->derived_key);
115 if (GNUNET_OK !=
116 GNUNET_CRYPTO_ecdsa_sign_derived (key,
117 label,
118 "gns",
119 &gnr_block->purpose,
120 &ecblock->signature))
121 {
122 GNUNET_break (0);
123 GNUNET_free (gnr_block);
124 return GNUNET_SYSERR;
125 }
126 GNUNET_free (gnr_block);
127 return GNUNET_OK;
128}
pkey
static char * pkey
Public key of the zone to look in, in ASCII.
Definition gnunet-namecache.c:58
GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN
#define GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN
GNS record set signature (GNS)
Definition gnunet_signatures.h:124
GNUNET_CRYPTO_ecdsa_public_key_derive
void GNUNET_CRYPTO_ecdsa_public_key_derive(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
Derive a public key from a given public key and a label.
Definition crypto_ecc_gnsrecord.c:244
GNUNET_CRYPTO_ecdsa_sign_derived
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_derived(const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, const char *label, const char *context, const struct GNUNET_CRYPTO_SignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
This is a signature function for ECDSA which takes a private key, derives/blinds it and signs the mes...
Definition crypto_ecc_gnsrecord.c:178
GNUNET_memcpy
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
Definition gnunet_common.h:1320
GNUNET_OK
@ GNUNET_OK
Definition gnunet_common.h:114
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition gnunet_common.h:112
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition gnunet_common.h:1045
GNUNET_malloc
#define GNUNET_malloc(size)
Wrapper around malloc.
Definition gnunet_common.h:1355
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition gnunet_common.h:1415
size
static unsigned int size
Size of the "table".
Definition peer.c:68
GNRBlockPS
Information we have in an encrypted block with record data (i.e.
Definition gnsrecord_crypto.h:39
GNRBlockPS::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
Definition gnsrecord_crypto.h:49
GNRBlockPS::purpose
struct GNUNET_CRYPTO_SignaturePurpose purpose
Number of bytes signed; also specifies the number of bytes of encrypted data that follow.
Definition gnsrecord_crypto.h:44
GNUNET_CRYPTO_SignaturePurpose::purpose
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Definition gnunet_crypto_lib.h:173
GNUNET_CRYPTO_SignaturePurpose::size
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...
Definition gnunet_crypto_lib.h:165
GNUNET_GNSRECORD_Block::size
uint32_t size
Size of the block.
Definition gnunet_gnsrecord_lib.h:288
GNUNET_GNSRECORD_EcdsaBlock
Information we have in an encrypted block with record data (i.e.
Definition gnunet_gnsrecord_lib.h:238
GNUNET_GNSRECORD_EcdsaBlock::signature
struct GNUNET_CRYPTO_EcdsaSignature signature
Signature of the block.
Definition gnunet_gnsrecord_lib.h:247
GNUNET_GNSRECORD_EcdsaBlock::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
Definition gnunet_gnsrecord_lib.h:252
GNUNET_GNSRECORD_EcdsaBlock::derived_key
struct GNUNET_CRYPTO_EcdsaPublicKey derived_key
Derived key used for signing; hash of this is the query.
Definition gnunet_gnsrecord_lib.h:242

References GNUNET_GNSRECORD_EcdsaBlock::derived_key, GNUNET_GNSRECORD_EcdsaBlock::expiration_time, GNRBlockPS::expiration_time, GNUNET_break, GNUNET_CRYPTO_ecdsa_public_key_derive(), GNUNET_CRYPTO_ecdsa_sign_derived(), GNUNET_free, GNUNET_malloc, GNUNET_memcpy, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, GNUNET_SYSERR, key, pkey, GNUNET_CRYPTO_SignaturePurpose::purpose, GNRBlockPS::purpose, GNUNET_GNSRECORD_EcdsaBlock::signature, GNUNET_CRYPTO_SignaturePurpose::size, GNUNET_GNSRECORD_Block::size, and size.

Referenced by block_create_ecdsa(), and GNUNET_GNSRECORD_block_sign().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_sign_eddsa()

static enum GNUNET_GenericReturnValue block_sign_eddsa ( const struct GNUNET_CRYPTO_EddsaPrivateKey key,
const struct GNUNET_CRYPTO_EddsaPublicKey pkey,
const char *  label,
struct GNUNET_GNSRECORD_Block block 
)
static

Definition at line 132 of file gnsrecord_crypto.c.

138{
139 struct GNRBlockPS *gnr_block;
140 struct GNUNET_GNSRECORD_EddsaBlock *edblock;
141 size_t size = ntohl (block->size) - sizeof (*block) + sizeof (*gnr_block);
142 gnr_block = GNUNET_malloc (size);
143 edblock = &(block)->eddsa_block;
144 gnr_block->purpose.size = htonl (size);
145 gnr_block->purpose.purpose =
146 htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
147 gnr_block->expiration_time = edblock->expiration_time;
148 GNUNET_memcpy (&gnr_block[1], &edblock[1],
149 size - sizeof (*gnr_block));
150 /* encrypt and sign */
151 GNUNET_CRYPTO_eddsa_public_key_derive (pkey,
152 label,
153 "gns",
154 &edblock->derived_key);
155 GNUNET_CRYPTO_eddsa_sign_derived (key,
156 label,
157 "gns",
158 &gnr_block->purpose,
159 &edblock->signature);
160 GNUNET_free (gnr_block);
161 return GNUNET_OK;
162}
GNUNET_CRYPTO_eddsa_public_key_derive
void GNUNET_CRYPTO_eddsa_public_key_derive(const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result)
Derive a public key from a given public key and a label.
Definition crypto_ecc_gnsrecord.c:385
GNUNET_CRYPTO_eddsa_sign_derived
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_derived(const struct GNUNET_CRYPTO_EddsaPrivateKey *pkey, const char *label, const char *context, const struct GNUNET_CRYPTO_SignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
This is a signature function for EdDSA which takes a private key and derives it using the label and c...
Definition crypto_ecc_gnsrecord.c:75
GNUNET_GNSRECORD_EddsaBlock
Information we have in an encrypted block with record data (i.e.
Definition gnunet_gnsrecord_lib.h:262
GNUNET_GNSRECORD_EddsaBlock::derived_key
struct GNUNET_CRYPTO_EddsaPublicKey derived_key
Derived key used for signing; hash of this is the query.
Definition gnunet_gnsrecord_lib.h:266
GNUNET_GNSRECORD_EddsaBlock::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
Definition gnunet_gnsrecord_lib.h:276
GNUNET_GNSRECORD_EddsaBlock::signature
struct GNUNET_CRYPTO_EddsaSignature signature
Signature of the block.
Definition gnunet_gnsrecord_lib.h:271

References GNUNET_GNSRECORD_EddsaBlock::derived_key, GNUNET_GNSRECORD_EddsaBlock::expiration_time, GNRBlockPS::expiration_time, GNUNET_CRYPTO_eddsa_public_key_derive(), GNUNET_CRYPTO_eddsa_sign_derived(), GNUNET_free, GNUNET_malloc, GNUNET_memcpy, GNUNET_OK, GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN, key, pkey, GNUNET_CRYPTO_SignaturePurpose::purpose, GNRBlockPS::purpose, GNUNET_GNSRECORD_EddsaBlock::signature, GNUNET_CRYPTO_SignaturePurpose::size, GNUNET_GNSRECORD_Block::size, and size.

Referenced by block_create_eddsa(), and GNUNET_GNSRECORD_block_sign().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_create_ecdsa()

static enum GNUNET_GenericReturnValue block_create_ecdsa ( const struct GNUNET_CRYPTO_EcdsaPrivateKey key,
const struct GNUNET_CRYPTO_EcdsaPublicKey pkey,
struct GNUNET_TIME_Absolute  expire,
const char *  label,
const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count,
struct GNUNET_GNSRECORD_Block **  block,
int  sign 
)
static

Sign name and records.

Parameters
keythe private key
pkeyassociated public key
expireblock expiration
labelthe name for the records
rdrecord data
rd_countnumber of records
blockthe block result. Must be allocated sufficiently.
signsign the block GNUNET_NO if block will be signed later.
Returns
GNUNET_SYSERR on error (otherwise GNUNET_OK)

Definition at line 215 of file gnsrecord_crypto.c.

223{
224 ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
225 rd);
226 struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
227 unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
228 unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
229 struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
230 struct GNUNET_TIME_Absolute now;
231
232 if (payload_len < 0)
233 {
234 GNUNET_break (0);
235 return GNUNET_SYSERR;
236 }
237 if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
238 {
239 GNUNET_break (0);
240 return GNUNET_SYSERR;
241 }
242 /* convert relative to absolute times */
243 now = GNUNET_TIME_absolute_get ();
244 for (unsigned int i = 0; i < rd_count; i++)
245 {
246 rdc[i] = rd[i];
247 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
248 {
249 struct GNUNET_TIME_Relative t;
250
251 /* encrypted blocks must never have relative expiration times, convert! */
252 rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
253 t.rel_value_us = rdc[i].expiration_time;
254 rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;
255 }
256 }
257 /* serialize */
258 *block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) + payload_len);
259 (*block)->size = htonl (sizeof (struct GNUNET_GNSRECORD_Block) + payload_len);
260 {
261 char payload[payload_len];
262
263 GNUNET_assert (payload_len ==
264 GNUNET_GNSRECORD_records_serialize (rd_count,
265 rdc,
266 payload_len,
267 payload));
268 ecblock = &(*block)->ecdsa_block;
269 (*block)->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
270 ecblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
271 GNR_derive_block_aes_key (ctr,
272 skey,
273 label,
274 ecblock->expiration_time.abs_value_us__,
275 pkey);
276 GNUNET_CRYPTO_aes_ctr (payload,
277 payload_len,
278 skey,
279 ctr,
280 &ecblock[1]);
281 }
282 if (GNUNET_YES != sign)
283 return GNUNET_OK;
284 if (GNUNET_OK !=
285 block_sign_ecdsa (key, pkey, label, *block))
286 {
287 GNUNET_break (0);
288 GNUNET_free (*block);
289 return GNUNET_SYSERR;
290 }
291 return GNUNET_OK;
292}
block_sign_ecdsa
static enum GNUNET_GenericReturnValue block_sign_ecdsa(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
Definition gnsrecord_crypto.c:91
GNR_derive_block_aes_key
void GNR_derive_block_aes_key(unsigned char *ctr, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Derive session key and iv from label and public key.
Definition gnsrecord_crypto.c:34
GNUNET_GNSRECORD_TYPE_PKEY
#define GNUNET_GNSRECORD_TYPE_PKEY
WARNING: This header is generated! In order to add GNS record types, you must register them in GANA,...
Definition gnu_name_system_record_types.h:43
expire
static char * expire
DID Document expiration Date Attribute String.
Definition gnunet-did.c:98
t
static struct GNUNET_SCHEDULER_Task * t
Main task.
Definition gnunet-namestore-zonefile.c:302
rd_count
static unsigned int rd_count
Number of records for currently parsed set.
Definition gnunet-namestore-zonefile.c:241
rd
static struct GNUNET_GNSRECORD_Data rd[50]
The record data under a single label.
Definition gnunet-namestore-zonefile.c:226
payload
static unsigned long long payload
How much data are we currently storing in the database?
Definition gnunet-service-datastore.c:183
GNUNET_CRYPTO_aes_ctr
void GNUNET_CRYPTO_aes_ctr(const void *in_buf, size_t in_buf_len, const unsigned char key[(256/8)], const unsigned char iv[(128/8)], void *out_buf)
Decrypt or encrypt a given block using a symmetric key using AES in counter mode.
GNUNET_GNSRECORD_MAX_BLOCK_SIZE
#define GNUNET_GNSRECORD_MAX_BLOCK_SIZE
Maximum size of a value that can be stored in a GNS block.
Definition gnunet_gnsrecord_lib.h:60
GNUNET_GNSRECORD_records_serialize
ssize_t GNUNET_GNSRECORD_records_serialize(unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd, size_t dest_size, char *dest)
Serialize the given records to the given destination buffer.
Definition gnsrecord_serialization.c:136
GNUNET_GNSRECORD_records_get_size
ssize_t GNUNET_GNSRECORD_records_get_size(unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd)
Calculate how many bytes we will need to serialize the given records.
Definition gnsrecord_serialization.c:78
GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION
@ GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION
This expiration time of the record is a relative time (not an absolute time).
Definition gnunet_gnsrecord_lib.h:132
GNUNET_NZL
#define GNUNET_NZL(l)
Macro used to avoid using 0 for the length of a variable-size array (Non-Zero-Length).
Definition gnunet_common.h:235
GNUNET_YES
@ GNUNET_YES
Definition gnunet_common.h:116
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition gnunet_common.h:960
GNUNET_TIME_absolute_get
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition time.c:111
GNUNET_TIME_absolute_add
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition time.c:452
GNUNET_TIME_absolute_hton
struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton(struct GNUNET_TIME_Absolute a)
Convert absolute time to network byte order.
Definition time.c:636
GNUNET_GNSRECORD_Block
Definition gnunet_gnsrecord_lib.h:284
GNUNET_GNSRECORD_Data
A GNS record.
Definition gnunet_gnsrecord_lib.h:177
GNUNET_TIME_AbsoluteNBO::abs_value_us__
uint64_t abs_value_us__
The actual value (in network byte order).
Definition gnunet_time_lib.h:111
GNUNET_TIME_Absolute
Time for absolute times used by GNUnet, in microseconds.
Definition gnunet_time_lib.h:54
GNUNET_TIME_Absolute::abs_value_us
uint64_t abs_value_us
The actual value.
Definition gnunet_time_lib.h:59
GNUNET_TIME_Relative
Time for relative time used by GNUnet, in microseconds.
Definition gnunet_time_lib.h:79

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_TIME_AbsoluteNBO::abs_value_us__, block_sign_ecdsa(), GNUNET_GNSRECORD_Data::expiration_time, GNUNET_GNSRECORD_EcdsaBlock::expiration_time, expire, GNUNET_GNSRECORD_Data::flags, GNR_derive_block_aes_key(), GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_aes_ctr(), GNUNET_CRYPTO_AES_KEY_LENGTH, GNUNET_free, GNUNET_GNSRECORD_MAX_BLOCK_SIZE, GNUNET_GNSRECORD_records_get_size(), GNUNET_GNSRECORD_records_serialize(), GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION, GNUNET_GNSRECORD_TYPE_PKEY, GNUNET_malloc, GNUNET_NZL, GNUNET_OK, GNUNET_SYSERR, GNUNET_TIME_absolute_add(), GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_hton(), GNUNET_YES, key, payload, pkey, rd, rd_count, and t.

Referenced by block_create2(), and GNUNET_GNSRECORD_block_create().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_create_eddsa()

static enum GNUNET_GenericReturnValue block_create_eddsa ( const struct GNUNET_CRYPTO_EddsaPrivateKey key,
const struct GNUNET_CRYPTO_EddsaPublicKey pkey,
struct GNUNET_TIME_Absolute  expire,
const char *  label,
const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count,
struct GNUNET_GNSRECORD_Block **  block,
int  sign 
)
static

Sign name and records (EDDSA version)

Parameters
keythe private key
pkeyassociated public key
expireblock expiration
labelthe name for the records
rdrecord data
rd_countnumber of records
blockwhere to store the block. Must be allocated sufficiently.
signGNUNET_YES if block shall be signed as well
Returns
GNUNET_SYSERR on error (otherwise GNUNET_OK)

Definition at line 309 of file gnsrecord_crypto.c.

317{
318 ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
319 rd);
320 struct GNUNET_GNSRECORD_EddsaBlock *edblock;
321 unsigned char nonce[crypto_secretbox_NONCEBYTES];
322 unsigned char skey[crypto_secretbox_KEYBYTES];
323 struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
324 struct GNUNET_TIME_Absolute now;
325
326 if (payload_len < 0)
327 {
328 GNUNET_break (0);
329 return GNUNET_SYSERR;
330 }
331 if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
332 {
333 GNUNET_break (0);
334 return GNUNET_SYSERR;
335 }
336 /* convert relative to absolute times */
337 now = GNUNET_TIME_absolute_get ();
338 for (unsigned int i = 0; i < rd_count; i++)
339 {
340 rdc[i] = rd[i];
341 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
342 {
343 struct GNUNET_TIME_Relative t;
344
345 /* encrypted blocks must never have relative expiration times, convert! */
346 rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
347 t.rel_value_us = rdc[i].expiration_time;
348 rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;
349 }
350 }
351 /* serialize */
352 *block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block)
353 + payload_len + crypto_secretbox_MACBYTES);
354 (*block)->size = htonl (sizeof (struct GNUNET_GNSRECORD_Block)
355 + payload_len + crypto_secretbox_MACBYTES);
356 {
357 char payload[payload_len];
358
359 GNUNET_assert (payload_len ==
360 GNUNET_GNSRECORD_records_serialize (rd_count,
361 rdc,
362 payload_len,
363 payload));
364 edblock = &(*block)->eddsa_block;
365 (*block)->type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY);
366 edblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
367 GNR_derive_block_xsalsa_key (nonce,
368 skey,
369 label,
370 edblock->expiration_time.abs_value_us__,
371 pkey);
372 GNUNET_assert (GNUNET_OK ==
373 GNUNET_CRYPTO_xsalsa20poly1305_encrypt (
374 payload_len,
375 (unsigned char*) payload,
376 skey,
377 nonce,
378 &edblock[1]));
379 if (GNUNET_YES != sign)
380 return GNUNET_OK;
381 block_sign_eddsa (key, pkey, label, *block);
382 }
383 return GNUNET_OK;
384}
GNR_derive_block_xsalsa_key
void GNR_derive_block_xsalsa_key(unsigned char *nonce, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Derive session key and iv from label and public key.
Definition gnsrecord_crypto.c:63
block_sign_eddsa
static enum GNUNET_GenericReturnValue block_sign_eddsa(const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
Definition gnsrecord_crypto.c:132
GNUNET_GNSRECORD_TYPE_EDKEY
#define GNUNET_GNSRECORD_TYPE_EDKEY
GNS zone delegation (EDKEY)
Definition gnu_name_system_record_types.h:157
GNUNET_CRYPTO_xsalsa20poly1305_encrypt
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_xsalsa20poly1305_encrypt(size_t in_buf_len, const unsigned char in_buf[in_buf_len], const unsigned char key[crypto_secretbox_xsalsa20poly1305_KEYBYTES], const unsigned char nonce[crypto_secretbox_xsalsa20poly1305_NONCEBYTES], void *out_buf)
Encrypt the given data using XSalsa20-Poly1305.

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_TIME_AbsoluteNBO::abs_value_us__, block_sign_eddsa(), GNUNET_GNSRECORD_Data::expiration_time, GNUNET_GNSRECORD_EddsaBlock::expiration_time, expire, GNUNET_GNSRECORD_Data::flags, GNR_derive_block_xsalsa_key(), GNUNET_assert, GNUNET_break, GNUNET_CRYPTO_xsalsa20poly1305_encrypt(), GNUNET_GNSRECORD_MAX_BLOCK_SIZE, GNUNET_GNSRECORD_records_get_size(), GNUNET_GNSRECORD_records_serialize(), GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION, GNUNET_GNSRECORD_TYPE_EDKEY, GNUNET_malloc, GNUNET_NZL, GNUNET_OK, GNUNET_SYSERR, GNUNET_TIME_absolute_add(), GNUNET_TIME_absolute_get(), GNUNET_TIME_absolute_hton(), GNUNET_YES, key, payload, pkey, rd, rd_count, and t.

Referenced by block_create2(), and GNUNET_GNSRECORD_block_create().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_create2()

static enum GNUNET_GenericReturnValue block_create2 ( const struct GNUNET_CRYPTO_BlindablePrivateKey pkey,
struct GNUNET_TIME_Absolute  expire,
const char *  label,
const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count,
struct GNUNET_GNSRECORD_Block **  result,
int  sign 
)
static

Definition at line 452 of file gnsrecord_crypto.c.

459{
460 const struct GNUNET_CRYPTO_EcdsaPrivateKey *key;
461 struct GNUNET_CRYPTO_EddsaPublicKey edpubkey;
462 enum GNUNET_GenericReturnValue res = GNUNET_SYSERR;
463 char *norm_label;
464#define CSIZE 64
465 static struct KeyCacheLine cache[CSIZE];
466 struct KeyCacheLine *line;
467
468 norm_label = GNUNET_GNSRECORD_string_normalize (label);
469
470 if (GNUNET_PUBLIC_KEY_TYPE_ECDSA == ntohl (pkey->type))
471 {
472 key = &pkey->ecdsa_key;
473
474 line = &cache[(*(unsigned int *) key) % CSIZE];
475 if (0 != memcmp (&line->key,
476 key,
477 sizeof(*key)))
478 {
479 /* cache miss, recompute */
480 line->key = *key;
481 GNUNET_CRYPTO_ecdsa_key_get_public (key,
482 &line->pkey);
483 }
484 res = block_create_ecdsa (key,
485 &line->pkey,
486 expire,
487 norm_label,
488 rd,
489 rd_count,
490 result,
491 sign);
492 }
493 else if (GNUNET_PUBLIC_KEY_TYPE_EDDSA == ntohl (pkey->type))
494 {
495 GNUNET_CRYPTO_eddsa_key_get_public (&pkey->eddsa_key,
496 &edpubkey);
497 res = block_create_eddsa (&pkey->eddsa_key,
498 &edpubkey,
499 expire,
500 norm_label,
501 rd,
502 rd_count,
503 result,
504 sign);
505 }
506#undef CSIZE
507 GNUNET_free (norm_label);
508 return res;
509}
block_create_ecdsa
static enum GNUNET_GenericReturnValue block_create_ecdsa(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
Sign name and records.
Definition gnsrecord_crypto.c:215
block_create_eddsa
static enum GNUNET_GenericReturnValue block_create_eddsa(const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
Sign name and records (EDDSA version)
Definition gnsrecord_crypto.c:309
CSIZE
#define CSIZE
line
static char * line
Desired phone line (string to be converted to a hash).
Definition gnunet-conversation.c:155
res
static char * res
Currently read line or NULL on EOF.
Definition gnunet-namestore-zonefile.c:256
result
static int result
Global testing status.
Definition gnunet-regex-profiler.c:240
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition crypto_ecc.c:201
GNUNET_CRYPTO_ecdsa_key_get_public
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Derive key.
Definition crypto_ecc.c:190
GNUNET_GNSRECORD_string_normalize
char * GNUNET_GNSRECORD_string_normalize(const char *src)
Normalize a UTF-8 string to a GNS name.
Definition gnsrecord_misc.c:36
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition gnunet_common.h:111
GNUNET_PUBLIC_KEY_TYPE_EDDSA
@ GNUNET_PUBLIC_KEY_TYPE_EDDSA
EDDSA identity.
Definition gnunet_crypto_lib.h:408
GNUNET_PUBLIC_KEY_TYPE_ECDSA
@ GNUNET_PUBLIC_KEY_TYPE_ECDSA
The identity type.
Definition gnunet_crypto_lib.h:402
GNUNET_CRYPTO_EcdsaPrivateKey
Private ECC key encoded for transmission.
Definition gnunet_crypto_lib.h:283
KeyCacheLine
Line in cache mapping private keys to public keys.
Definition gnsrecord_crypto.c:438

References block_create_ecdsa(), block_create_eddsa(), CSIZE, expire, GNUNET_CRYPTO_ecdsa_key_get_public(), GNUNET_CRYPTO_eddsa_key_get_public(), GNUNET_free, GNUNET_GNSRECORD_string_normalize(), GNUNET_PUBLIC_KEY_TYPE_ECDSA, GNUNET_PUBLIC_KEY_TYPE_EDDSA, GNUNET_SYSERR, key, KeyCacheLine::key, line, pkey, rd, rd_count, res, and result.

Referenced by block_seal(), GNUNET_GNSRECORD_block_create2(), and GNUNET_GNSRECORD_block_create_unsigned().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_decrypt_ecdsa()

static enum GNUNET_GenericReturnValue block_decrypt_ecdsa ( const struct GNUNET_GNSRECORD_Block block,
const struct GNUNET_CRYPTO_EcdsaPublicKey zone_key,
const char *  label,
GNUNET_GNSRECORD_RecordCallback  proc,
void *  proc_cls 
)
static

Definition at line 605 of file gnsrecord_crypto.c.

611{
612 size_t payload_len = ntohl (block->size)
613 - sizeof (struct GNUNET_GNSRECORD_Block);
614 unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
615 unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
616
617 if (ntohl (block->size) <
618 sizeof (struct GNUNET_GNSRECORD_Block))
619 {
620 GNUNET_break_op (0);
621 return GNUNET_SYSERR;
622 }
623 GNUNET_assert (payload_len <= UINT16_MAX);
624 GNR_derive_block_aes_key (ctr,
625 key,
626 label,
627 block->ecdsa_block.expiration_time.abs_value_us__,
628 zone_key);
629 {
630 char payload[payload_len];
631 unsigned int rd_count;
632
633 GNUNET_CRYPTO_aes_ctr (&block[1],
634 payload_len,
635 key,
636 ctr,
637 payload);
638 rd_count = GNUNET_GNSRECORD_records_deserialize_get_size (payload_len,
639 payload);
640 if (rd_count > 2048)
641 {
642 /* limit to sane value */
643 GNUNET_break_op (0);
644 return GNUNET_SYSERR;
645 }
646 {
647 struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
648 unsigned int j;
649 struct GNUNET_TIME_Absolute now;
650
651 if (GNUNET_OK !=
652 GNUNET_GNSRECORD_records_deserialize (payload_len,
653 payload,
654 rd_count,
655 rd))
656 {
657 GNUNET_break_op (0);
658 return GNUNET_SYSERR;
659 }
660 /* hide expired records */
661 now = GNUNET_TIME_absolute_get ();
662 j = 0;
663 for (unsigned int i = 0; i < rd_count; i++)
664 {
665 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
666 {
667 /* encrypted blocks must never have relative expiration times, skip! */
668 GNUNET_break_op (0);
669 continue;
670 }
671
672 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW))
673 {
674 int include_record = GNUNET_YES;
675 /* Shadow record, figure out if we have a not expired active record */
676 for (unsigned int k = 0; k < rd_count; k++)
677 {
678 if (k == i)
679 continue;
680 if (rd[i].expiration_time < now.abs_value_us)
681 include_record = GNUNET_NO; /* Shadow record is expired */
682 if ((rd[k].record_type == rd[i].record_type) &&
683 (rd[k].expiration_time >= now.abs_value_us) &&
684 (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW)))
685 {
686 include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
687 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
688 "Ignoring shadow record\n");
689 break;
690 }
691 }
692 if (GNUNET_YES == include_record)
693 {
694 rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW; /* Remove Flag */
695 if (j != i)
696 rd[j] = rd[i];
697 j++;
698 }
699 }
700 else if (rd[i].expiration_time >= now.abs_value_us)
701 {
702 /* Include this record */
703 if (j != i)
704 rd[j] = rd[i];
705 j++;
706 }
707 else
708 {
709 struct GNUNET_TIME_Absolute at;
710
711 at.abs_value_us = rd[i].expiration_time;
712 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
713 "Excluding record that expired %s (%llu ago)\n",
714 GNUNET_STRINGS_absolute_time_to_string (at),
715 (unsigned long long) rd[i].expiration_time
716 - now.abs_value_us);
717 }
718 }
719 rd_count = j;
720 if (NULL != proc)
721 proc (proc_cls,
722 rd_count,
723 (0 != rd_count) ? rd : NULL);
724 }
725 }
726 return GNUNET_OK;
727}
GNUNET_GNSRECORD_records_deserialize
int GNUNET_GNSRECORD_records_deserialize(size_t len, const char *src, unsigned int rd_count, struct GNUNET_GNSRECORD_Data *dest)
Deserialize the given records to the given destination.
Definition gnsrecord_serialization.c:244
GNUNET_GNSRECORD_records_deserialize_get_size
unsigned int GNUNET_GNSRECORD_records_deserialize_get_size(size_t len, const char *src)
Definition gnsrecord_serialization.c:199
GNUNET_GNSRECORD_RF_SHADOW
@ GNUNET_GNSRECORD_RF_SHADOW
This record should not be used unless all (other) records in the set with an absolute expiration time...
Definition gnunet_gnsrecord_lib.h:116
GNUNET_log
#define GNUNET_log(kind,...)
Definition gnunet_common.h:551
GNUNET_NO
@ GNUNET_NO
Definition gnunet_common.h:113
GNUNET_break_op
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
Definition gnunet_common.h:1067
GNUNET_ERROR_TYPE_INFO
@ GNUNET_ERROR_TYPE_INFO
Definition gnunet_common.h:423
GNUNET_STRINGS_absolute_time_to_string
const char * GNUNET_STRINGS_absolute_time_to_string(struct GNUNET_TIME_Absolute t)
Like asctime, except for GNUnet time.
Definition strings.c:671
GNUNET_GNSRECORD_Block::ecdsa_block
struct GNUNET_GNSRECORD_EcdsaBlock ecdsa_block
Definition gnunet_gnsrecord_lib.h:297
GNUNET_GNSRECORD_Data::flags
enum GNUNET_GNSRECORD_Flags flags
Flags for the record.
Definition gnunet_gnsrecord_lib.h:205
GNUNET_GNSRECORD_Data::expiration_time
uint64_t expiration_time
Expiration time for the DNS record.
Definition gnunet_gnsrecord_lib.h:190

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_TIME_AbsoluteNBO::abs_value_us__, GNUNET_GNSRECORD_Block::ecdsa_block, GNUNET_GNSRECORD_Data::expiration_time, GNUNET_GNSRECORD_EcdsaBlock::expiration_time, GNUNET_GNSRECORD_Data::flags, GNR_derive_block_aes_key(), GNUNET_assert, GNUNET_break_op, GNUNET_CRYPTO_aes_ctr(), GNUNET_CRYPTO_AES_KEY_LENGTH, GNUNET_ERROR_TYPE_INFO, GNUNET_GNSRECORD_records_deserialize(), GNUNET_GNSRECORD_records_deserialize_get_size(), GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION, GNUNET_GNSRECORD_RF_SHADOW, GNUNET_log, GNUNET_NO, GNUNET_NZL, GNUNET_OK, GNUNET_STRINGS_absolute_time_to_string(), GNUNET_SYSERR, GNUNET_TIME_absolute_get(), GNUNET_YES, key, payload, rd, rd_count, and GNUNET_GNSRECORD_Block::size.

Referenced by block_open_ecdsa().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_decrypt_eddsa()

static enum GNUNET_GenericReturnValue block_decrypt_eddsa ( const struct GNUNET_GNSRECORD_Block block,
const struct GNUNET_CRYPTO_EddsaPublicKey zone_key,
const char *  label,
GNUNET_GNSRECORD_RecordCallback  proc,
void *  proc_cls 
)
static

Definition at line 731 of file gnsrecord_crypto.c.

737{
738 size_t payload_len = ntohl (block->size)
739 - sizeof (struct GNUNET_GNSRECORD_Block);
740 unsigned char nonce[crypto_secretbox_NONCEBYTES];
741 unsigned char key[crypto_secretbox_KEYBYTES];
742
743 if (ntohl (block->size) <
744 sizeof(struct GNUNET_GNSRECORD_Block))
745 {
746 GNUNET_break_op (0);
747 return GNUNET_SYSERR;
748 }
749 GNR_derive_block_xsalsa_key (nonce,
750 key,
751 label,
752 block->eddsa_block.expiration_time.abs_value_us__
753 ,
754 zone_key);
755 {
756 char payload[payload_len];
757 unsigned int rd_count;
758
759 GNUNET_assert (GNUNET_OK ==
760 GNUNET_CRYPTO_xsalsa20poly1305_decrypt (
761 payload_len,
762 (unsigned char*) &block[1],
763 key,
764 nonce,
765 payload));
766 payload_len -= crypto_secretbox_MACBYTES;
767 rd_count = GNUNET_GNSRECORD_records_deserialize_get_size (payload_len,
768 payload);
769 if (rd_count > 2048)
770 {
771 /* limit to sane value */
772 GNUNET_break_op (0);
773 return GNUNET_SYSERR;
774 }
775 {
776 struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
777 unsigned int j;
778 struct GNUNET_TIME_Absolute now;
779
780 if (GNUNET_OK !=
781 GNUNET_GNSRECORD_records_deserialize (payload_len,
782 payload,
783 rd_count,
784 rd))
785 {
786 GNUNET_break_op (0);
787 return GNUNET_SYSERR;
788 }
789 /* hide expired records */
790 now = GNUNET_TIME_absolute_get ();
791 j = 0;
792 for (unsigned int i = 0; i < rd_count; i++)
793 {
794 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
795 {
796 /* encrypted blocks must never have relative expiration times, skip! */
797 GNUNET_break_op (0);
798 continue;
799 }
800
801 if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW))
802 {
803 int include_record = GNUNET_YES;
804 /* Shadow record, figure out if we have a not expired active record */
805 for (unsigned int k = 0; k < rd_count; k++)
806 {
807 if (k == i)
808 continue;
809 if (rd[i].expiration_time < now.abs_value_us)
810 include_record = GNUNET_NO; /* Shadow record is expired */
811 if ((rd[k].record_type == rd[i].record_type) &&
812 (rd[k].expiration_time >= now.abs_value_us) &&
813 (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW)))
814 {
815 include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
816 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
817 "Ignoring shadow record\n");
818 break;
819 }
820 }
821 if (GNUNET_YES == include_record)
822 {
823 rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW; /* Remove Flag */
824 if (j != i)
825 rd[j] = rd[i];
826 j++;
827 }
828 }
829 else if (rd[i].expiration_time >= now.abs_value_us)
830 {
831 /* Include this record */
832 if (j != i)
833 rd[j] = rd[i];
834 j++;
835 }
836 else
837 {
838 struct GNUNET_TIME_Absolute at;
839
840 at.abs_value_us = rd[i].expiration_time;
841 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
842 "Excluding record that expired %s (%llu ago)\n",
843 GNUNET_STRINGS_absolute_time_to_string (at),
844 (unsigned long long) rd[i].expiration_time
845 - now.abs_value_us);
846 }
847 }
848 rd_count = j;
849 if (NULL != proc)
850 proc (proc_cls,
851 rd_count,
852 (0 != rd_count) ? rd : NULL);
853 }
854 }
855 return GNUNET_OK;
856}
GNUNET_CRYPTO_xsalsa20poly1305_decrypt
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_xsalsa20poly1305_decrypt(size_t in_buf_len, const unsigned char in_buf[in_buf_len], const unsigned char key[crypto_secretbox_xsalsa20poly1305_KEYBYTES], const unsigned char nonce[crypto_secretbox_xsalsa20poly1305_NONCEBYTES], void *out_buf)
Encrypt the given data using XSalsa20-Poly1305.
GNUNET_GNSRECORD_Block::eddsa_block
struct GNUNET_GNSRECORD_EddsaBlock eddsa_block
Definition gnunet_gnsrecord_lib.h:298

References GNUNET_TIME_Absolute::abs_value_us, GNUNET_TIME_AbsoluteNBO::abs_value_us__, GNUNET_GNSRECORD_Block::eddsa_block, GNUNET_GNSRECORD_Data::expiration_time, GNUNET_GNSRECORD_EddsaBlock::expiration_time, GNUNET_GNSRECORD_Data::flags, GNR_derive_block_xsalsa_key(), GNUNET_assert, GNUNET_break_op, GNUNET_CRYPTO_xsalsa20poly1305_decrypt(), GNUNET_ERROR_TYPE_INFO, GNUNET_GNSRECORD_records_deserialize(), GNUNET_GNSRECORD_records_deserialize_get_size(), GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION, GNUNET_GNSRECORD_RF_SHADOW, GNUNET_log, GNUNET_NO, GNUNET_NZL, GNUNET_OK, GNUNET_STRINGS_absolute_time_to_string(), GNUNET_SYSERR, GNUNET_TIME_absolute_get(), GNUNET_YES, key, payload, rd, rd_count, and GNUNET_GNSRECORD_Block::size.

Referenced by block_open_eddsa().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_open_ecdsa()

static enum GNUNET_GenericReturnValue block_open_ecdsa ( void *  cls,
const char *  label,
const struct GNUNET_GNSRECORD_Block block,
GNUNET_GNSRECORD_RecordCallback  proc,
void *  proc_cls 
)
static

Definition at line 943 of file gnsrecord_crypto.c.

948{
949 struct EncryptionContextData *ecd = cls;
950 enum GNUNET_GenericReturnValue res = GNUNET_SYSERR;
951 char *norm_label;
952
953 norm_label = GNUNET_GNSRECORD_string_normalize (label);
954 return block_decrypt_ecdsa (block,
955 &ecd->zkey.ecdsa_key,
956 norm_label, proc,
957 proc_cls);
958 GNUNET_free (norm_label);
959 return res;
960
961}
block_decrypt_ecdsa
static enum GNUNET_GenericReturnValue block_decrypt_ecdsa(const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
Definition gnsrecord_crypto.c:605
EncryptionContextData::zkey
struct GNUNET_CRYPTO_BlindablePublicKey zkey
Definition gnsrecord_crypto.c:939
GNUNET_CRYPTO_BlindablePublicKey::ecdsa_key
struct GNUNET_CRYPTO_EcdsaPublicKey ecdsa_key
An ECDSA identity key.
Definition gnunet_crypto_lib.h:468

References block_decrypt_ecdsa(), GNUNET_CRYPTO_BlindablePublicKey::ecdsa_key, GNUNET_free, GNUNET_GNSRECORD_string_normalize(), GNUNET_SYSERR, res, and EncryptionContextData::zkey.

Referenced by GNUNET_GNSRECORD_encryption_context_setup_owner(), and GNUNET_GNSRECORD_encryption_context_setup_resolver().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_open_eddsa()

static enum GNUNET_GenericReturnValue block_open_eddsa ( void *  cls,
const char *  label,
const struct GNUNET_GNSRECORD_Block block,
GNUNET_GNSRECORD_RecordCallback  proc,
void *  proc_cls 
)
static

Definition at line 965 of file gnsrecord_crypto.c.

970{
971 struct EncryptionContextData *ecd = cls;
972 enum GNUNET_GenericReturnValue res;
973 char *norm_label;
974
975 norm_label = GNUNET_GNSRECORD_string_normalize (label);
976 res = block_decrypt_eddsa (block,
977 &ecd->zkey.eddsa_key,
978 norm_label, proc,
979 proc_cls);
980 GNUNET_free (norm_label);
981 return res;
982}
block_decrypt_eddsa
static enum GNUNET_GenericReturnValue block_decrypt_eddsa(const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_EddsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
Definition gnsrecord_crypto.c:731
GNUNET_CRYPTO_BlindablePublicKey::eddsa_key
struct GNUNET_CRYPTO_EddsaPublicKey eddsa_key
AN EdDSA identtiy key.
Definition gnunet_crypto_lib.h:473

References block_decrypt_eddsa(), GNUNET_CRYPTO_BlindablePublicKey::eddsa_key, GNUNET_free, GNUNET_GNSRECORD_string_normalize(), res, and EncryptionContextData::zkey.

Referenced by GNUNET_GNSRECORD_encryption_context_setup_owner(), and GNUNET_GNSRECORD_encryption_context_setup_resolver().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_seal_not_implemented()

static enum GNUNET_GenericReturnValue block_seal_not_implemented ( void *  cls,
const char *  label,
struct GNUNET_TIME_Absolute  expire,
unsigned int  rd_count,
const struct GNUNET_GNSRECORD_Data  rd[rd_count],
struct GNUNET_GNSRECORD_Block **  result 
)
static

Definition at line 986 of file gnsrecord_crypto.c.

992{
993 GNUNET_break (0);
994 return GNUNET_SYSERR;
995}

References GNUNET_break, and GNUNET_SYSERR.

Referenced by GNUNET_GNSRECORD_encryption_context_setup_resolver().

Here is the caller graph for this function:

◆ block_seal()

static enum GNUNET_GenericReturnValue block_seal ( void *  cls,
const char *  label,
struct GNUNET_TIME_Absolute  expire,
unsigned int  rd_count,
const struct GNUNET_GNSRECORD_Data  rd[rd_count],
struct GNUNET_GNSRECORD_Block **  result 
)
static

Definition at line 999 of file gnsrecord_crypto.c.

1005{
1006 struct EncryptionContextData *ecd = cls;
1007
1008 return block_create2 (ecd->sk,
1009 expire,
1010 label,
1011 rd,
1012 rd_count,
1013 result,
1014 GNUNET_YES);
1015}
block_create2
static enum GNUNET_GenericReturnValue block_create2(const struct GNUNET_CRYPTO_BlindablePrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result, int sign)
Definition gnsrecord_crypto.c:452
EncryptionContextData::sk
struct GNUNET_CRYPTO_BlindablePrivateKey * sk
Definition gnsrecord_crypto.c:937

References block_create2(), expire, GNUNET_YES, rd, rd_count, result, and EncryptionContextData::sk.

Referenced by GNUNET_GNSRECORD_encryption_context_setup_owner().

Here is the call graph for this function:
Here is the caller graph for this function: